On Tue, May 22, 2018 at 01:54:59PM -0500, Dean Troyer wrote:
> StarlingX (aka STX) was announced this week at the summit, there is a
> PR to create project repos in Gerrit at [0]. STX is basically Wind
From a cursory look at the libvirt fork, there are some questionable
choices. E.g. the config code (libvirt/src/qemu/qemu.conf) is modified
such that QEMU is launched as 'root'. That means a bug in QEMU ==
instant host compromise.
All Linux distributions (that matter) configure libvirt to launch QEMU
as a regular user ('qemu'). E.g. from Fedora's libvirt RPM spec file:
libvirt.spec:%define qemu_user qemu
libvirt.spec: --with-qemu-user=%{qemu_user} \
* * *
There are multiple other such issues in the forked libvirt code.
[...]
--
/kashyap
__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: [email protected]?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
